Linked by Thom Holwerda on Tue 26th Apr 2011 22:06 UTC
After days and days of the PlayStation Network being offline, Sony has announced it has taken the service down indefinitely. The cause is a lot more severe than previously thought: PSN has been systematically attacked, and personal information of all users has been stolen, possibly including credit card data. Sony is asking PSN users to keep close tabs on their credit card account statements. This has turned from a rather amusing slap on the wrist for Sony into a massive and truly epic security fail that could have tremendous consequences for millions and millions of people the world over.
Permalink for comment 471131
RE: Comment by atsureki
by timalot on Wed 27th Apr 2011 04:50 UTC in reply to "Comment by atsureki"
Member since: 2006-07-17


They were storing passwords in cleartext?


If they are storing passwords in cleartext, not unheard of in proprietary systems, imagine the word list the hackers will have for future hacking, especially if tied to email addresses.

Simple way to take the power back: do your own hashing. Use a real password, append some salt (i.e. a domain name string) and pass it through a hashing method, e.g. MD5 or SHA1, and use the output as your password for "Mega Corporation X's" service. By changing the salt for every service you generate unique passwords for each so hackers won't pwn you. And you need to only remember one password.

The PasswordMaker extension for Firefox does this, also available as an app for your phone.

See:
http://passwordmaker.org/

Score: 1
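
The per-site derivation described in the comment above, as an added example that is not part of the original comment and is not PasswordMaker's own algorithm. The function names, the base64 output encoding, the 16-character length, the sample inputs and the PBKDF2 variant with its iteration count are all assumptions made for illustration.

```python
import base64
import hashlib

# Constructed sample inputs for illustration only.
SAMPLE_MASTER = "correct horse battery staple"
SAMPLE_DOMAINS = ["example.com", "example.org"]


def normalize_domain(domain: str) -> str:
    """Use one canonical spelling of the salt so the result is reproducible."""
    return domain.strip().lower()


def _encode(raw: bytes, length: int) -> str:
    """Turn digest bytes into a typeable password of the requested length."""
    return base64.b64encode(raw).decode("ascii")[:length]


def site_password_sha1(master: str, domain: str, length: int = 16) -> str:
    """Scheme from the comment: hash(master + salt), with the domain as salt.

    A single SHA-1 is fast, so one derived password leaked in cleartext lets
    an attacker test candidate master passwords offline at very high speed.
    """
    data = (master + normalize_domain(domain)).encode("utf-8")
    return _encode(hashlib.sha1(data).digest(), length)


def site_password_pbkdf2(master: str, domain: str, length: int = 16,
                         iterations: int = 200_000) -> str:
    """Same idea with a deliberately slow KDF (assumed hardening, not from the
    comment): each guess at the master password costs `iterations` HMACs."""
    key = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"),
                              normalize_domain(domain).encode("utf-8"),
                              iterations, dklen=32)
    return _encode(key, length)


if __name__ == "__main__":
    for d in SAMPLE_DOMAINS:
        print(d, site_password_sha1(SAMPLE_MASTER, d),
              site_password_pbkdf2(SAMPLE_MASTER, d))
```

The base64 alphabet includes `+` and `/`, which some services reject in passwords; a different output alphabet can be substituted in `_encode` without changing the derivation.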